missing transparency – Privacy Design® [protecting people by good design, solid security, efficient processes and trusted services]

Denmark: DPA proposes ~160k EUR fine for taxi company over data minimization failure (Taxa 4×35)
Sun, 26 May 2019 20:47:43 +0000

Fine amounts to 2.8% of company’s turnover.

The company “anonymized” customer information after two years by deleting customer names from its system, but retained phone numbers for three more years. The argument that phone numbers were integral to the database was dismissed.

https://en.horten.dk/News/2019/Marts/Recommended-GDPR-fine-of-DKK-1-2-mill-to-Danish-taxi-company

[UK/India] – Health Company Fined by UK’s ICO
Sun, 25 Feb 2018 08:25:23 +0000

  • Use of a subcontractor based in India to process sensitive personal data without adequate data processing / data transfer grounds
  • Lack of contractual definition of adequate technical and organisational measures in India
  • Sensitive personal data (with high severity) sent via unencrypted email
  • Sensitive personal data on an FTP server without restricted access controls
  • Patient found his/her data via Internet search
  • https://www.hldataprotection.com/2017/03/articles/international-eu-privacy/health-company-fined-by-uks-information-commissioner-office/

    Germany/Bavaria: DPA scanning for web sites for privacy-compliant Google Analytics use
    Wed, 21 Feb 2018 16:46:14 +0000

    In 2012, the Bavarian DPA scanned German web sites for the privacy compliant use of Google Analytics.

    The DPA checked

    • if a written processing agreement had been put in place with Google,
    • if the privacy notice on the web site was transparent on the use of Google Analytics and the users’ option to avoid being tracked,
    • if the Google Analytics “anonymization feature” was enabled in the web site’s source code.

    13.404 web sites had been tested; 2.371 companies were contacted for shortcomings.

    More information (in German) on https://www.lda.bayern.de/de/google_analytics.html

    Norwegian DPA blocks three smart device vendors from processing customer data
    Wed, 21 Feb 2018 09:52:55 +0000

    The Norwegian DPA has given Gator AS orders to discontinue all processing of personal information about its customers since they have not provided enough information in the smart bells they provide. In addition, PepCall AS and GPS for children – Smartprodukt AS have been notified of similar decisions.

    Use right-click in Chrome to translate:

    https://www.datatilsynet.no/aktuelt/2017/palegger-stans-i-behandlingen-av-personopplysninger-i-smartklokker/
